[GIT PULL nf] IPVS Fixes for v3.14

[GIT PULL nf] IPVS Fixes for v3.14

[Simon Horman]

Hi Pablo,

please consider the following fixes for IPVS for v3.14.

It consists of a fix for AF assingment by Michal Kubecek.

I believe this problem is present all the way back to v2.6.30, however, the
change only applies as far back as v3.10.  Please let me know if you would
like me to make some patches for older -stable versions.


The following changes since commit d922e1cb1ea17ac7f0a5c3c2be98d4bd80d055b8:

  net: Document promote_secondaries (2014-01-27 20:39:21 -0800)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs.git tags/ipvs-fixes-for-v3.14

for you to fetch changes up to 2a971354e74f3837d14b9c8d7f7983b0c9c330e4:

  ipvs: fix AF assignment in ip_vs_conn_new() (2014-02-04 21:13:47 +0900)

----------------------------------------------------------------
IPVS Fixes for v3.14

Correction AF assignment by Michal Kubecek.
This resolves a problem whereby only the first 4 bytes of an IPv6
destination may be copied for a fwmark virtual service.

This problem appears to have been introduced by
be8be9eccbf2d908 "ipvs: Fix IPv4 FWMARK virtual services"
in 2.6.30.

----------------------------------------------------------------
Michal Kubecek (1):
      ipvs: fix AF assignment in ip_vs_conn_new()

 net/netfilter/ipvs/ip_vs_conn.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

[PATCH nf] ipvs: fix AF assignment in ip_vs_conn_new()

[Simon Horman]

From: Michal Kubecek <mkubecek@suse.cz>

If a fwmark is passed to ip_vs_conn_new(), it is passed in
vaddr, not daddr. Therefore we should set AF to AF_UNSPEC in
vaddr assignment (like we do in ip_vs_ct_in_get()), otherwise we
may copy only first 4 bytes of an IPv6 address into cp->daddr.

Signed-off-by: Bogdano Arendartchuk <barendartchuk@suse.com>
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
---
 net/netfilter/ipvs/ip_vs_conn.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index 59a1a85..a8eb0a8 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -871,11 +871,11 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p,
 	cp->protocol	   = p->protocol;
 	ip_vs_addr_set(p->af, &cp->caddr, p->caddr);
 	cp->cport	   = p->cport;
-	ip_vs_addr_set(p->af, &cp->vaddr, p->vaddr);
-	cp->vport	   = p->vport;
-	/* proto should only be IPPROTO_IP if d_addr is a fwmark */
+	/* proto should only be IPPROTO_IP if p->vaddr is a fwmark */
 	ip_vs_addr_set(p->protocol == IPPROTO_IP ? AF_UNSPEC : p->af,
-		       &cp->daddr, daddr);
+		       &cp->vaddr, p->vaddr);
+	cp->vport	   = p->vport;
+	ip_vs_addr_set(p->af, &cp->daddr, daddr);
 	cp->dport          = dport;
 	cp->flags	   = flags;
 	cp->fwmark         = fwmark;
-- 
1.8.5.2

Re: [GIT PULL nf] IPVS Fixes for v3.14

[Pablo Neira Ayuso]

On Tue, Feb 04, 2014 at 09:34:20PM +0900, Simon Horman wrote:
> Hi Pablo,
> 
> please consider the following fixes for IPVS for v3.14.
> 
> It consists of a fix for AF assingment by Michal Kubecek.
> 
> I believe this problem is present all the way back to v2.6.30, however, the
> change only applies as far back as v3.10.  Please let me know if you would
> like me to make some patches for older -stable versions.
> 
> 
> The following changes since commit d922e1cb1ea17ac7f0a5c3c2be98d4bd80d055b8:
> 
>   net: Document promote_secondaries (2014-01-27 20:39:21 -0800)
> 
> are available in the git repository at:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs.git tags/ipvs-fixes-for-v3.14

Pulled, thanks Simon.